package SV_SSRF_URI;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;

public class Vulnerable {
    public class SV_SSRF_URI_POSITIVE_JAKARTA {
        protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException,URISyntaxException, InterruptedException {
            HttpClient client = HttpClient.newHttpClient();
            String url = req.getParameter("uri");
            URI uri = new URI(url);
            // BAD: a request parameter is incorporated without validation into a Http request
            HttpRequest r = HttpRequest.newBuilder(uri).build();
            client.send(r, null);
        }
    }
}
